Yahoo! Messenger up to 8.1.0.249 ActiveX Control ywcvwr.dll memory corruption
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 9.0 | $0-$5k | 0.00 |
Summary
A vulnerability described as critical has been identified in Yahoo! Messenger up to 8.1.0.249. This affects an unknown function in the library ywcvwr.dll of the component ActiveX Control. Executing a manipulation can lead to memory corruption. This vulnerability is registered as CVE-2007-3148. Furthermore, an exploit is available. Upgrading the affected component is recommended.
Details
A vulnerability has been found in Yahoo! Messenger up to 8.1.0.249 (Messaging Software) and classified as critical. This vulnerability affects an unknown code block in the library ywcvwr.dll of the component ActiveX Control. The manipulation with an unknown input leads to a memory corruption vulnerability. The CWE definition for the vulnerability is CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:
Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ywcvwr.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the receive method.
The bug was discovered 06/07/2007. The weakness was published 06/08/2007 by eEye Digital Security with eEye Digital Security as confirmed advisory (CERT.org). The advisory is available at kb.cert.org. This vulnerability was named CVE-2007-3148 since 06/11/2007. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. Technical details and also a public exploit are known.
It is possible to download the exploit at saintcorporation.com. It is declared as proof-of-concept. The vulnerability was handled as a non-public zero-day exploit for at least 1 days. During that time the estimated underground price was around $0-$5k. The vulnerability scanner Nessus provides a plugin with the ID 25459 (Yahoo! Messenger Webcam ActiveX Buffer Overflows), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 115568 (Yahoo! Messenger Webcam ActiveX Controls Buffer Overflows).
Upgrading eliminates this vulnerability. A possible mitigation has been published even before and not after the disclosure of the vulnerability. Attack attempts may be identified with Snort ID 11818. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 5415.
The vulnerability is also documented in the databases at X-Force (34759), Exploit-DB (4043), Tenable (25459), SecurityFocus (BID 24355†) and OSVDB (37081†). Similar entry is available at VDB-3108. If you want to get best quality of vulnerability data, you may have to visit VulDB.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.yahoo.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 10.0VulDB Meta Temp Score: 9.0
VulDB Base Score: 10.0
VulDB Temp Score: 9.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Memory corruptionCWE: CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 25459
Nessus Name: Yahoo! Messenger Webcam ActiveX Buffer Overflows
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Saint ID: exploit_info/yahoo_messenger_webcam
Saint Name: Yahoo Messenger Webcam Viewer ActiveX control buffer overflow
Qualys ID: 🔍
Qualys Name: 🔍
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Snort ID: 11818
TippingPoint: 🔍
McAfee IPS: 🔍
McAfee IPS Version: 🔍
Timeline
06/06/2007 🔍06/06/2007 🔍
06/07/2007 🔍
06/07/2007 🔍
06/07/2007 🔍
06/07/2007 🔍
06/08/2007 🔍
06/08/2007 🔍
06/10/2007 🔍
06/11/2007 🔍
06/11/2007 🔍
06/11/2007 🔍
03/15/2015 🔍
01/13/2025 🔍
Sources
Vendor: yahoo.comAdvisory: kb.cert.org
Researcher: eEye Digital Security
Organization: eEye Digital Security
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2007-3148 (🔍)
GCVE (CVE): GCVE-0-2007-3148
GCVE (VulDB): GCVE-100-37210
CERT: 🔍
X-Force: 34759
SecurityFocus: 24355 - Yahoo! Messenger Webcam Viewer ActiveX Control Buffer Overflow Vulnerability
Secunia: 25547
OSVDB: 37081 - Yahoo! Webcam Viewer ActiveX (ywcvwr.dll) receive Method Overflow
SecurityTracker: 1018204
Vulnerability Center: 15304 - Yahoo! Messenger WebCam Viewer Active X Controls Buffer Overflow Allows Arbitrary Code Execution, Medium
Vupen: ADV-2007-2094
scip Labs: https://www.scip.ch/en/?labs.20161013
See also: 🔍
Entry
Created: 03/15/2015 15:58Updated: 01/13/2025 03:54
Changes: 03/15/2015 15:58 (96), 07/20/2019 14:17 (2), 09/20/2024 15:47 (16), 01/13/2025 03:54 (1)
Complete: 🔍
Cache ID: 216::103
If you want to get best quality of vulnerability data, you may have to visit VulDB.
No comments yet. Languages: en.
Please log in to comment.